this post was submitted on 23 Sep 2023
836 points (98.6% liked)
Programmer Humor
32721 readers
305 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Authenticator to the left of me, SMS to the right, here I am Man In The Middle Attack.
Happened to me because I had an account on a crypto exchange. The attacker went in to my phone carrier’s store, likely with a fake ID, convinced the store they were me, then got a new SIM card and reset my password on everything they could with it. They logged in to my crypto exchange mere minutes after they got the SIM, saw the $0.03 in my account, and logged out.
Sometimes it's less about the person that you're targeting and more about what that access gives you.
Low level accountant? Office worker with an excel file full of passwords or has correspondence with your actual target at a different company that you can pose as to gain access into?
They're just a step in the process.
I'm not sure where this idea of high profile target comes from. The sim swap attack is pretty common. People just need to be in some credentials leak DB with some hint of crypto trading or having some somewhat interesting social media account. (either interesting handle or larger number of followers)
There are now organized groups that essentially provide sim swap as a service. Sometimes employees of the telco company are in on it. The barrier to entry is not that high, so the expected reward does not need to be that much higher.
Hahah... of course, phishing doesn't exist, right? Your SMS app knows that the website you paste your code into is the legit one, right??